[ https://issues.apache.org/jira/browse/TRINIDAD-2023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12987975#action_12987975 ]

Matthias Weßendorf commented on TRINIDAD-2023:
----------------------------------------------

readObject() internally calls resolveObject().

On the Sun/Oracle JDK this has a little (undesired) side-effect:

protected Class<?> resolveClass(ObjectStreamClass desc)
    throws IOException, ClassNotFoundException {
  String name = desc.getName();
  try {
    return Class.forName(name, false, latestUserDefinedLoader());
  }
  catch (ClassNotFoundException ex) {
    Class cl = (Class) primClasses.get(name);
    if (cl != null) {
      return cl;
    }
    else {
      throw ex;
    }
  }
}

latestUserDefinedLoader() is a native function whose exact behavior is 
documented as follows:

    /**
     * Returns the first non-null class loader (not counting class loaders of
     * generated reflection implementation classes) up the execution stack, or
     * null if only code from the null class loader is on the stack.  This
     * method is also called via reflection by the following RMI-IIOP class:
     *
     *     com.sun.corba.se.internal.util.JDKClassLoader
     *    
     * This method should not be removed or its signature changed without
     * corresponding modifications to the above class.
     */
    // REMIND: change name to something more accurate?
    private static native ClassLoader latestUserDefinedLoader();


The suspicion is that it may be returning a classloader of a 'shared' class, that 
is deployed to a system-level classloader and it doesn't know about 
RowsetDefinitionState, leading to the ClassNotFoundException further in the 
deserialization process.

A common suggestion to get around this is to subclass ObjectInputStream to 
explicitly pass in a ClassLoader and override resolveClass. 

> CheckSerializationConfigurator should use the Trinidad specific 
> ObjectInputStream (ObjectInputStreamResolveClass) class 
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TRINIDAD-2023
>                 URL: https://issues.apache.org/jira/browse/TRINIDAD-2023
>             Project: MyFaces Trinidad
>          Issue Type: Bug
>    Affects Versions: 2.0.0-beta-1
>            Reporter: Matthias Weßendorf
>
> Trinidad's CheckSerializationConfigurator uses the vanilla ObjectInputStream 
> class to read objects - this can cause ClassNotFoundException exceptions.
> For instance:
> java.lang.IllegalArgumentException: java.lang.ClassNotFoundException: 
> oracle.adf.model.dvt.binding.transform.RowsetDefinitionState
> at 
> org.apache.myfaces.trinidadinternal.config.CheckSerializationConfigurator$MutatedBeanChecker._deserializeObject(CheckSerializationConfigurator.java:574)
> at 
> org.apache.myfaces.trinidadinternal.config.CheckSerializationConfigurator$MutatedBeanChecker.checkForMutations(CheckSerializationConfigurator.java:525)
> at 
> org.apache.myfaces.trinidadinternal.config.CheckSerializationConfigurator$SerializationChecker.checkForMutations(CheckSerializationConfigurator.java:1041)
> at 
> org.apache.myfaces.trinidadinternal.config.CheckSerializationConfigurator$SerializationCheckingWrapper.checkForMutations(CheckSerializationConfigurator.java:351)
> at 
> org.apache.myfaces.trinidadinternal.config.CheckSerializationConfigurator.endRequest(CheckSerializationConfigurator.java:115)
> at 
> org.apache.myfaces.trinidadinternal.config.GlobalConfiguratorImpl._endConfiguratorServiceRequest(GlobalConfiguratorImpl.java:538)
> at 
> org.apache.myfaces.trinidadinternal.config.GlobalConfiguratorImpl.endRequest(GlobalConfiguratorImpl.java:295)
> at 
> org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:217)
> at 
> org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
> at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
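
The workaround suggested in the comment above (subclass ObjectInputStream, pass in a ClassLoader, override resolveClass), as an added example that is not part of the original message and is not Trinidad's ObjectInputStreamResolveClass. The names LoaderAwareObjectInputStream and SampleState are hypothetical, and the recording loader exists only to show that resolution goes through the supplied loader rather than whatever loader happens to be on the call stack.

```java
import java.io.*;
import java.util.*;

public class LoaderAwareDemo {
  /** Hypothetical stream: resolves classes through an explicitly supplied loader. */
  static class LoaderAwareObjectInputStream extends ObjectInputStream {
    private final ClassLoader loader;
    LoaderAwareObjectInputStream(InputStream in, ClassLoader loader) throws IOException {
      super(in);
      this.loader = loader;
    }
    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
      try {
        // initialize=false: resolving a class must not run its static initializers
        return Class.forName(desc.getName(), false, loader);
      } catch (ClassNotFoundException ex) {
        // The default implementation still maps primitive names such as "int"
        return super.resolveClass(desc);
      }
    }
  }

  /** Constructed sample payload standing in for application state. */
  static class SampleState implements Serializable {
    private static final long serialVersionUID = 1L;
    final String name;
    final int[] rows;
    SampleState(String name, int[] rows) { this.name = name; this.rows = rows; }
  }

  public static void main(String[] args) throws Exception {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
      out.writeObject(new SampleState("demo", new int[] {1, 2, 3}));
    }
    // Wrap the context class loader and record every name it is asked to load
    List<String> asked = new ArrayList<>();
    ClassLoader recording = new ClassLoader(Thread.currentThread().getContextClassLoader()) {
      @Override protected Class<?> loadClass(String n, boolean resolve) throws ClassNotFoundException {
        asked.add(n);
        return super.loadClass(n, resolve);
      }
    };
    try (ObjectInputStream in = new LoaderAwareObjectInputStream(
        new ByteArrayInputStream(buf.toByteArray()), recording)) {
      SampleState s = (SampleState) in.readObject();
      System.out.println(s.name + " rows=" + s.rows.length + " resolved via supplied loader: " + asked);
    }
  }
}
```

In a web application the loader passed in would normally be the thread context class loader of the request, which can see application classes that a system-level loader cannot.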
